CVE-2025-43445
BaseFortify
Publication date: 2025-11-04
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 26.1 (exc) |
| apple | iphone_os | to 26.1 (exc) |
| apple | macos | to 14.8.2 (exc) |
| apple | macos | From 15.0 (inc) to 15.7.2 (exc) |
| apple | tvos | to 26.1 (exc) |
| apple | visionos | to 26.1 (exc) |
| apple | watchos | to 26.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read caused by insufficient input validation when processing media files. A specially crafted malicious media file can trigger this flaw, potentially causing unexpected application termination or corruption of process memory.
How can this vulnerability impact me? :
If exploited, this vulnerability can cause applications to crash unexpectedly or lead to memory corruption, which might be leveraged to disrupt normal device operation or potentially execute arbitrary code.
What immediate steps should I take to mitigate this vulnerability?
Apply the available security updates to your Apple devices, specifically updating to visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, watchOS 26.1, iOS 26.1, iPadOS 26.1, or tvOS 26.1 as applicable. Avoid processing untrusted or maliciously crafted media files until the update is applied.